Monday, 7 January 2019

IEEE 802.1Q Frame

Introduction
It is an extension of Ethernet II frames so that they can carry a VLAN tag. The explanation is as follows.
802.1q frames are a different format than "standard" Ethernet (802.3). Standard Ethernet frames do not have VLAN IDs. A PC or other device transmits and receives Ethernet frames (802.3).
The explanation is as follows.
Remember that 802.1Q adds to the ethernet frame, moving the Ether Type field down, and inserting a different Ether Type field and other fields.
The explanation is as follows.
A virtual LAN (VLAN) is any broadcast domain that is partitioned and isolated in a computer network at the data link layer (OSI layer 2). A LAN is an abbreviation for local area network and in this context virtual refers to a physical object recreated and altered by additional logic. VLANs work through tags within network packets and tag handling in networking systems - recreating the appearance and functionality of network traffic that is physically on a single network but acts as if it is split between separate networks. In this way, VLANs can keep networks separate despite being connected to the same network, and without requiring multiple sets of cabling and networking devices to be deployed.
VID Field
The VLAN Identifier (VID) field is 12 bits long. It can take values from 0 to 4095. However, because 0 and 4095 are not used, 4094 different VLANs can be set up. The explanation is as follows.
802.1Q allows different 4094 VLANs, 0 and 4095 are reserved and can't be used.
This field cannot be given a name. Any names assigned are vendor-specific. The explanation is as follows.
The VLAN tag in an Ethernet packet is a 12 bit integer, providing 4096 numbered values. There is no string identification in the packet.

Since management of VLANs via numbers only is a burden on human memory and thus error-prone, vendors have soon started to allow associating a descriptive name with the numerical tags to ease that burden - but these names are local either to each device or in the best case to a family of devices that share a configuration database. AFAIK there is no cross-vendor way to synchronize name-number tuples.
Packet Size
An 802.1Q packet can be at most 1518 bytes long, excluding the FCS: 1500 bytes of data + 18 bytes of header. The 12 bits reserved for the VID are carried in a tag that takes up 4 bytes. The FCS is 4 bytes, but most Ethernet drivers do not allow the FCS to be read.

What Is a VLAN?
The explanation is as follows.
VLAN can be used to isolate your IoT traffic from the rest of your networking devices.

A VLAN is a way of telling your networking equipment (your router) to treat certain wires to behave like they are a completely separate network, behind a firewall and dedicated to communicating in private. Some of the more expensive home networking routers can be set up this way, but setting it up is complex, and will be different for each router.
VLAN and Subnet
The explanation is as follows. A VLAN is generally used with one subnet.
VLANs are layer 2 constructs. Subnets are layer 3 constructs. While normally there is a 1:1 correspondence between VLANs and subnets, it isn't always the case. You can have multiple subnets per VLAN or a subnet that spans multiple VLANs.
Inter VLAN Routing
It is used so that VLANs on the same switch can communicate with each other. In one project, we defined a static routing rule to send packets arriving from VLAN1 to the trunk port of VLAN0. When tag:0 was used in the rule, the tag information was removed from the packet.

What Is a Native VLAN?
The 802.1q standard has the concept of a Native VLAN. It means the following. Normally the switch is expected to receive tagged Ethernet frames. However, if an untagged frame does arrive, it can be tagged as a VLAN that we specify. This is called the Native VLAN.

What Is an Access Port?
In Cisco terminology, it is the port that receives frames that are not tagged with a VLAN.

What Is a Trunk?
In Cisco terminology, it is the port that receives frames that are tagged with a VLAN. The explanation is as follows.
A trunk allows pretagged packets to passthrough without changing the tag while an access port takes the packets it receives and retags them.
The explanation is as follows.
Tags are used on trunks in order to tell the other end of the link which frames are on which VLAN. A switch receiving frames on an access interface already knows to which VLAN the frames belong.
The explanation is as follows.
When a switch transmits frames on a trunk, it uses 802.1q framing, which includes a VLAN tag. If the switch is transmitting frames with tags, then that port is a trunk port. Most hosts do not understand 802.1q frames, so they ignore them. That is why you can have tagged and untagged frames on the same port. But it's still a trunk port.
Example
Between two switches it looks like this.
Switch A VLAN 10 -> Switch B VLAN 10
Example
Between two hosts and the switches it looks like this.
H1 --- S1 --- S2 --- S3 --- H2
The explanation is as follows.
Hx are hosts, Sx are switches. Both hosts are connected with access port on VLAN 20 to the corresponding switches, while all the other ports are trunks. No VTP is enabled, meaning that only S1 and S3 have VLAN20 in their table.

This is how I reason the process of sending a frame from H1 to H2:

* The frame is tagged with VLAN 20 upon leaving via the trunk port from S1
* The frame reaches S2, since it can't recognize the VLAN, it simply drops the frame, hence H2 doesn't receive the frame.
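
The H1 --- S1 --- S2 --- S3 --- H2 topology can be walked through with a toy model of access and trunk ports. This is an added example, not part of the original post or the quoted question; the class, the port names and the rule that a switch discards a frame whose VLAN is not in its table are assumptions taken from the quoted reasoning, and native VLAN handling is not modelled.

```python
class Switch:
    """Toy model: a VLAN table plus a mode per port (all names hypothetical)."""

    def __init__(self, name, vlans, ports):
        self.name = name
        self.vlans = set(vlans)  # VLAN IDs defined on this switch
        self.ports = ports       # port -> ("access", vid) or ("trunk", None)

    def forward(self, in_port, out_port, tag):
        """Return the tag on the frame as it leaves out_port, or 'drop'."""
        mode, access_vid = self.ports[in_port]
        # Access port: the frame arrives untagged and joins the port's VLAN.
        # Trunk port: the VLAN is read from the 802.1Q tag on the frame.
        vlan = access_vid if mode == "access" else tag
        if vlan not in self.vlans:
            return "drop"        # assumption: unknown VLAN, frame discarded
        out_mode, out_vid = self.ports[out_port]
        if out_mode == "trunk":
            return vlan          # leaves carrying an 802.1Q tag for this VLAN
        # Access egress: only the port's own VLAN is sent, with the tag removed.
        return None if out_vid == vlan else "drop"


def send(path):
    """Walk an initially untagged frame along [(switch, in_port, out_port)]."""
    tag, trace = None, []
    for sw, in_port, out_port in path:
        tag = sw.forward(in_port, out_port, tag)
        trace.append((sw.name, tag))
        if tag == "drop":
            return False, trace
    return True, trace


def build_path(s2_vlans):
    """H1 and H2 sit on VLAN 20 access ports; every other port is a trunk."""
    s1 = Switch("S1", {1, 20}, {"h1": ("access", 20), "up": ("trunk", None)})
    s2 = Switch("S2", s2_vlans, {"a": ("trunk", None), "b": ("trunk", None)})
    s3 = Switch("S3", {1, 20}, {"up": ("trunk", None), "h2": ("access", 20)})
    return [(s1, "h1", "up"), (s2, "a", "b"), (s3, "up", "h2")]


if __name__ == "__main__":
    print(send(build_path({1})))      # S2 has no VLAN 20 in its table
    print(send(build_path({1, 20})))  # VLAN 20 also defined on S2
```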



